CVE-2019-1938

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1100%

EPSS Percentile36.60th

Published2019年8月21日

Last Modified2024年11月21日

Vulnerability Description

A vulnerability in the web-based management interface of Cisco UCS Director and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper authentication request handling. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an unprivileged attacker to access and execute arbitrary actions through certain APIs.

Affected Platforms (CPE)

📦

Cisco

Ucs Director

= 6.7.0.0

📦

Cisco

Ucs Director

= 6.7.1.0

📦

Cisco

Ucs Director Express For Big Data

= 3.7.0.0

📦

Cisco

Ucs Director Express For Big Data

= 3.7.1.0

References & Advisories

🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-ucsd-authbypass

Vulnerability Description

Affected Platforms (CPE)

Ucs Director

Ucs Director

Ucs Director Express For Big Data

Ucs Director Express For Big Data

References & Advisories

相关漏洞威胁